A lack of understanding of compliance issues is costing the UK billions of pounds a year, according to a survey of chief information officers that found employees were struggling with the IT controls put in place.

Consultancy su53 commissioned research among 200 UK enterprises and found that ineffective governance, risk management and compliance (GRC) controls were leading to lower productivity and lost sales.

In addition, three-quarters (74 percent) of businesses say that regulations and a fear of reputational damage are stifling innovation.

Su53 said the main problem was the strategic failure to align corporate reputation management with the practice of GRC.

Martyn Proctor, managing director at su53, said, “Ever since directives such as Basel II and Sarbanes Oxley came into force, businesses have been working hard to eliminate incidents of risk, such as corporate malpractice that impacts company reputation.

“Unfortunately, this has resulted in a climate of fear whereby the majority of controls implemented by enterprises are reactionary measures that create more problems than they address.”

Proctor said problems often arise because of a lack of co-ordination, creating a high degree of complexity around GRC.

For the research, Vanson Bourne surveyed 200 CIOs from organisations across the UK that employ more than 1,000 people.
